|
|
This chapter describes how to configure Token Ring filters on the Catalyst 5000 family switch.
This chapter consists of these sections:
Catalyst 5000 family Token Ring modules provide filtering capabilities to reduce broadcast traffic, block protocols, and provide basic security.
You can filter frames based on the following:
You can configure MAC address filters for input ports only, and configure DSAP/SNAP filters for both input and output ports. You can configure up to 16 MAC address or DSAP/SNAP filters for each port on the Token Ring modules.
To filter data based on the MAC address, you must specify an address and indicate whether you want to block or allow frames that contain the address as a source or destination address. To filter data based on a protocol, specify either a DSAP or SNAP, and specify whether to permit or deny frames with that protocol.
These sections describe how to configure Token Ring filters:
When configuring a MAC address filter, you can enter the MAC address in canonical or noncanonical form. Frames that contain the MAC address as a source or destination address are dropped or passed, depending on whether you specify that the filter permits or denies the frames.
To add a filter based on MAC addresses, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Add a filter based on the MAC addresses. | set port filter mod_num/port_num mac_addr {permit | deny} |
Step 2 Verify the MAC filter configuration. | show port filter [mod_num[/port_num]] [canonical] |
This example shows how to set up a port filter and verify the configuration:
Console> (enable) set port filter 3/2 00:40:0b:01:bc:65 permit
Port 3/2 filter Mac Address 00:40:0b:01:bc:65 set to permit.
Console> (enable) show port filter 3/2
Port Mac-Addr Type
----- ----------------- ------
3/2 00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
Port Protocol Type
----- ----------------- ------
3/2 0x8035(ip) deny
0xffff deny
0xfefe deny
0xffff deny
0xfefe deny
0xffff deny
0xfefe deny
0xffff deny
Console> (enable)
To add a filter based on protocol, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Add a filter based on protocols. | set port filter mod_num/port_num protocol_type {permit | deny} |
Step 2 Verify the protocol filter configuration. | show port filter [mod_num[/port_num]] [canonical] |
This example shows how to configure a protocol filter on a port and verify the configuration:
Console> (enable) set port filter 3/2 ip permit
Port 3/2 filter Protocol ip set to permit.
Console> (enable) show port filter 3/2
Port Mac-Addr Type
----- ----------------- ------
3/2 00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
00:00:00:00:00:00 deny
Port Protocol Type
----- ----------------- ------
3/2 0x8035(ip) deny
0xffff deny
0xfefe deny
0xffff deny
0xfefe deny
0xffff deny
0xfefe deny
0xffff deny
Console> (enable)
To clear a MAC address filter, protocol filter, or all configured filters, perform this task in privileged mode:
| Task | Command |
|---|---|
Clear a MAC address filter, protocol filter, or all configured filters. | clear port filter [mod_num/port_num] [mac_addr | protocol_type | all] |
This example shows how to clear all filters on a port:
Console> (enable) clear port filter all All filter MAC addresses and Protocols cleared Console> (enable)
Posted: Fri Oct 1 13:28:28 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.